Kim Dotcom promises $13,600 to anyone who breaks Mega encryption

Following a barrage of criticism about the security of his recently unveiled Mega cloud storage service, Kim Dotcom is offering a $13,600 bounty to anyone who can crack the cryptography designed to prevent confidential files from being read by hackers or other unauthorized parties.

When the service debuted two weeks ago, Ars found its encryption methods included some "puzzling choices." The amount of entropy used during the key-generation process appeared to outsiders to be lacking, a potential vulnerability that could make it unnecessarily easy for someone to guess the bits needed to unlock someone else's private files. Mega's documentation was also vague on exactly how private crypto keys were secured.

Forbes reporter Andy Greenberg also took Mega to task, citing several cryptographers who doubted the reliability of the service's encryption scheme. Among other things, the experts criticized its reliance on JavaScript downloaded from Mega servers to encrypt files before uploading them to the service.

Ars has also reported another shortcoming in the service. Mega was sending new users an unencrypted confirmation e-mail containing not only a cryptographic hash of their password but other sensitive data as well, such as the encrypted master key used to decrypt the files stored in the account. That made it possible for anyone who retrieved the e-mail to run the hash through cracking software and potentially retrieve the password needed to access the account.

"Dotcom released a Mega beta that was so buggy he had to get cryptographers to point out all the mistakes," Matthew Green, a cryptographer at Johns Hopkins University, told Ars. "Then, after that, [he] starts offering to pay people money, saying, 'our stuff is so secure it can never be broken.' He's getting free consulting out of it."

It remains unclear from Dotcom's tweet exactly what he means by breaking Mega's encryption. Cryptographers use the word "break" to describe the results of any attack that's faster than brute force, even if the attack requires years or decades to ultimately crack the underlying key. It's unlikely that's what Dotcom had in mind. Would-be contestants should read the rules carefully before entering.